Citrix Netscaler日常配置管理

最新推荐文章于 2024-10-24 11:46:46 发布

郑广技术博客

最新推荐文章于 2024-10-24 11:46:46 发布

阅读量2.7k

点赞数 1

分类专栏：负载均衡文章标签： netscaler 负载均衡

本文链接：https://blog.csdn.net/mtldswz312/article/details/102566343

版权

负载均衡专栏收录该内容

8 篇文章

订阅专栏

本文详细介绍NetScaler设备的功能配置，包括负载均衡、内容切换、集群管理等，并提供实例演示，同时涵盖设备监控命令，帮助管理员有效管理和维护NetScaler。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

1、查看开启的功能特性
> show feature
   Feature Acronym Status
   ------- ------- ------
3)   Load Balancing LB ON
4)   Content Switching CS ON
5)   Cache Redirection CR OFF

2、查看主备状态
> show ha node
1)   Node ID: 0
   IP: 1.1.1.2 (ns2)
   Node State: STAYPRIMARY
   Master State: Primary
   Fail-Safe Mode: OFF
   INC State: DISABLED
   Sync State: ENABLED
   Propagation: ENABLED
   Enabled Interfaces : 1/12 1/11 1/10 1/9 1/6 1/5 1/4 1/3 1/2 1/1 0/1 LA/1
   Disabled Interfaces : None
   HA MON ON Interfaces : 1/1 LA/1
   HA HEARTBEAT OFF Interfaces : None
   Interfaces on which heartbeats are not seen : 1/12 1/11 1/10 1/9 1/6 1/5 1/4 1/3 0/1 LA/1
   Interfaces causing Partial Failure: None
   SSL Card Status: UP
   Hello Interval: 200 msecs
   Dead Interval: 3 secs
   Node in this Master State for: 88:6:13:51 (days:hrs:min:sec)
2)   Node ID: 1
   IP: 1.1.1.1
   Node State: STAYSECONDARY
   Master State: Secondary
   Fail-Safe Mode: OFF
   INC State: DISABLED
   Sync State: SUCCESS
   Propagation: ENABLED
   Enabled Interfaces : 1/12 1/11 1/10 1/9 1/6 1/5 1/4 1/3 1/2 1/1 0/1 LA/1
   Disabled Interfaces : None
   HA MON ON Interfaces : 1/1 LA/1
   HA HEARTBEAT OFF Interfaces : None
   Interfaces on which heartbeats are not seen : 1/12 1/11 1/10 1/9 1/6 1/5 1/4 1/3 0/1 LA/1
   Interfaces causing Partial Failure: None
   SSL Card Status: UP

Local node information:
Critical Interfaces: 1/1 LA/1
Done

3、查看端口信息
> show interface
2)   Interface 1/1 (Gig Ethernet 10/100/1000 MBits) #11
   flags=0xc020 <ENABLED, UP, UP, autoneg, HAMON, HEARTBEAT, 802.1q>
   MTU=1500, native vlan=1, MAC=00:e0:ed:54:83:25, uptime 2118h18m40s
   Requested: media AUTO, speed AUTO, duplex AUTO, fctl OFF,
        throughput 0
   Actual: media UTP, speed 1000, duplex FULL, fctl OFF, throughput 1000
   LLDP Mode: NONE,       LR Priority: 1024

   RX: Pkts(84644566) Bytes(25583735630) Errs(0) Drops(6) Stalls(0)
   TX: Pkts(84972648) Bytes(26403550884) Errs(0) Drops(0) Stalls(0)
   NIC: InDisc(0) OutDisc(0) Fctls(0) Stalls(0) Hangs(0) Muted(0)
   Bandwidth thresholds are not set.

> stat interface
Interface Summary
ID IntfState IntfAlias Rx Bytes Tx Bytes Rx Pkts Tx Pkts
1/8 UP 25894M 4816M 199515k 21704880
1/7 UP 14553M 16962M 132260k 61343482
1/2 UP 25396M 25925M 83528389 83243609
1/1 UP 25586M 26406M 84651503 84980359
LO/1 UP 425726M 572609M 2951M 5852M
LA/1 UP 40448M 21779M 331775k 83048362

4、查看使用ip列表和接口VLAN信息
> show ns ip
   Ipaddress Traffic Domain Type Mode Arp Icmp Vserver State
   --------- -------------- ---- ---- --- ---- ------- ------
1)   1.1.1.2 0 NetScaler IP Active Enabled Enabled NA Enabled
3)   10.100.59.5 0 SNIP Active Enabled Enabled NA Enabled #设备管理IP地址
4)   10.100.59.11 0 VIP Active Enabled Enabled Enabled Enabled #用户访问解析到的地址

> show vlan
1)   VLAN ID: 1
   Link-local IPv6 addr: fe80::ec4:7aff:fe45:7e5/64
   Interfaces : 1/12 1/11 1/10 1/9 1/6 1/5 1/4 1/3 1/2 1/1 0/1 LO/1
   Channels : LA/1

2)   VLAN ID: 59   VLAN Alias Name:
   Channels : LA/1(T)
   IPs :
   10.100.59.5    Mask: 255.255.255.0

5、查看license许可情况、
> show license
   License status:
   Web Logging: YES
   Load Balancing: YES
   SSL VPN: YES (Maximum users = 500) (Maximum ICA users = Unlimited)
   Rewrite: YES
   Responder: YES
   Model Number ID: 8200
   License Type: Standard License
   Licensing mode: Local

6、查看service运行情况
> show service
1)   lb_svc_web2 (10.105.2.61:80) - HTTP
   State: DOWN
   Last state change was at Thu Jul 18 10:56:18 2019
   Time since last state change: 87 days, 22:15:47.150
   Server Name: 10.105.2.61
   Server ID : None    Monitor Threshold : 0
   Max Conn: 0   Max Req: 0   Max Bandwidth: 0 kbits
   Use Source IP: NO
   Client Keepalive(CKA): NO
   Access Down Service: NO
   TCP Buffering(TCPB): NO
   HTTP Compression(CMP): NO
   Idle timeout: Client: 180 sec   Server: 360 sec
   Client IP: DISABLED
   Cacheable: NO
   SC: OFF
   SP: OFF
   Down state flush: ENABLED
   Monitor Connection Close : NONE
   Appflow logging: ENABLED
   Process Local: DISABLED
   Traffic Domain: 0

7、查看Vserver运行情况
> show vserver
6)   M-API (10.100.59.95:80) - HTTP   Type: ADDRESS
   State: UP
   Last state change was at Tue Oct 1 03:59:45 2019
   Time since last state change: 13 days, 05:14:45.590
   Effective State: UP
   Client Idle Timeout: 180 sec
   Down state flush: ENABLED
   Disable Primary Vserver On Down : DISABLED
   Appflow logging: ENABLED
   Port Rewrite : DISABLED
   No. of Bound Services : 2 (Total)    2 (Active)
   Configured Method: LEASTCONNECTION
   Current Method: Round Robin, Reason: Bound service's state changed to UP   BackupMethod: ROUNDROBIN
   Mode: IP
   Persistence: NONE
   Vserver IP and Port insertion: OFF
   Push: DISABLED   Push VServer:
   Push Multi Clients: NO
   Push Label Rule: none
   L2Conn: OFF
   Skip Persistency: None
   Listen Policy: NONE
   IcmpResponse: PASSIVE
   RHIstate: PASSIVE
   New Service Startup Request Rate: 0 PER_SECOND, Increment Interval: 0
   Mac mode Retain Vlan: DISABLED
   DBS_LB: DISABLED
   Process Local: DISABLED
   Traffic Domain: 0
   TROFS Persistence honored: ENABLED
   Retain Connections on Cluster: NO

8、查看版本信息
> show ver
NetScaler NS11.1: Build 61.7.nc, Date: Jan 31 2019, 03:09:31

9、查看硬件运行时间、硬件负载情况
> stat ns
System overview
Up since Wed Apr 17 07:05:58 2019
Packet CPU usage (%) 0.20
Management CPU usage (%) 0.00
Memory usage (MB) 369
InUse Memory (%) 4.99
System state UP
Master state Primary
# SSL cards UP 3
# SSL cards present 3
System Disks Used (%) Available
/flash Used (%) 2 15094
/var Used (%) 14 127491

10、显示LB Vserver状态信息
> stat lbvserver
Virtual Server(s) Summary vsvrIP port Protocol State Req/s
lb_v...slweb 10.100.59.10 443 SSL_BRIDGE UP 0/s

11、显示service状态信息
> stat service
Service(s) Summary IP port Type State Req/s
lb_s...slweb 10.105.2.8 443 SSL_BRIDGE UP 0/s

12、查看LB对应的后端主机信息
> show lbvserver M-API
   M-API (10.100.59.95:80) - HTTP   Type: ADDRESS
   State: UP
   Last state change was at Tue Oct 1 03:59:45 2019
   Time since last state change: 13 days, 05:54:16.20
   Effective State: UP
   Client Idle Timeout: 180 sec
   Down state flush: ENABLED
   Disable Primary Vserver On Down : DISABLED
   Appflow logging: ENABLED
   Port Rewrite : DISABLED
   No. of Bound Services : 2 (Total)    2 (Active)
   Configured Method: LEASTCONNECTION
   Current Method: Round Robin, Reason: Bound service's state changed to UP   BackupMethod: ROUNDROBIN
   Mode: IP
   Persistence: NONE
   Vserver IP and Port insertion: OFF
   Push: DISABLED   Push VServer:
   Push Multi Clients: NO
   Push Label Rule: none
   L2Conn: OFF
   Skip Persistency: None
   Listen Policy: NONE
   IcmpResponse: PASSIVE
   RHIstate: PASSIVE
   New Service Startup Request Rate: 0 PER_SECOND, Increment Interval: 0
   Mac mode Retain Vlan: DISABLED
   DBS_LB: DISABLED
   Process Local: DISABLED
   Traffic Domain: 0
   TROFS Persistence honored: ENABLED
   Retain Connections on Cluster: NO

Bound Service Groups:
1) Group Name: M-API

1) M-API (10.100.63.151: 80) - HTTP State: UP Weight: 1
2) M-API (10.100.63.152: 80) - HTTP State: UP Weight: 1
Done

> show serviceGroup M-API
   M-API - HTTP
   State: ENABLED   Effective State: UP   Monitor Threshold : 0
   Max Conn: 0   Max Req: 0   Max Bandwidth: 0 kbits
   Use Source IP: NO
   Client Keepalive(CKA): NO
   TCP Buffering(TCPB): NO
   HTTP Compression(CMP): NO
   Idle timeout: Client: 180 sec   Server: 360 sec
   Client IP: ENABLED X-Forwarded-For
   Cacheable: NO
   SC: OFF
   SP: OFF
   Down state flush: ENABLED
   Monitor Connection Close : NONE
   Appflow logging: ENABLED
   Process Local: DISABLED
   Traffic Domain: 0

   1) 10.100.63.151:80   State: UP   Server Name: 10.100.63.151   Server ID: None   Weight: 1
   Last state change was at Tue Oct 1 03:59:45 2019
   Time since last state change: 13 days, 05:56:04.710

       Monitor Name: tcp-default    State: UP   Passive: 0
       Probes: 603623   Failed [Total: 28 Current: 0]
       Last response: Success - TCP syn+ack received.

   2) 10.100.63.152:80   State: UP   Server Name: 10.100.63.152   Server ID: None   Weight: 1
   Last state change was at Tue Oct 1 04:00:33 2019
   Time since last state change: 13 days, 05:55:16.640

       Monitor Name: tcp-default    State: UP   Passive: 0
       Probes: 604830   Failed [Total: 29 Current: 0]
       Last response: Success - TCP syn+ack received.

12、查看集群状态信息
> stat HA node
HA Summary
High Availability YES #集群关键指标
System state UP
Master state Primary
Last Transition time Thu Jul 18 02:47:41 2019
Heartbeats received 155602381
Heartbeats sent 193215666

13、故障日志收集
#show techsupport命令收集日志

14、配置信息查看
show server server-1
show lb vserver Vserver-zg-test
show service Service-HTTP-1
show service bindings Service-HTTP-1
stat lb vserver server-1
stat service Service-HTTP-1

案例一：基本负载均衡的配置
1、添加后端主机的别名
add server zg-test-4.38 10.105.4.38
add server zg-test-4.39 10.105.4.39

2、为后端服务器添加服务、端口及属性
add service Server-HTTP-zg-test-1 zg-test-4.38 HTTP 80 -gslb NONE -maxClient 1000 -maxReq 1000 -cip ENABLED REALIP -usip NO -useproxyport YES -sp OFF -cltTimeout 10 -svrTimeout 20 -CKA YES -TCPB NO -CMP YES
add service Server-HTTP-zg-test-2 zg-test-4.39 HTTP 80 -gslb NONE -maxClient 1000 -maxReq 1000 -cip ENABLED REALIP -usip NO -useproxyport YES -sp OFF -cltTimeout 10 -svrTimeout 20 -CKA YES -TCPB NO -CMP YES
参数说明：
1）maxclinet：netscaler向后端发送打开的连接数的最大值。
2）manxReq：netscaler向后端发送服务器一个连接可以发送的最大请求数量。
3）cip：是否在HTTP中启用传递客户端的IP地址
4）usip：默认使用代理，即以本机的MIP作为源IP想后端服务器发起TCP请求，在某些业务中，可以使用转发的方式，即不改变源IP地址，以客户端作为源IP不变。
5）useproxyport：在启用了usip时，是否以客户端的TCP端口作为源端口。
6）sp：浪涌保护，一般建议关闭。
7）cltTimeout，svrTimeout：关闭不活跃的TCP连接，（分别是客户端和服务器端）保持时间。

3、创建虚拟机服务，定义VIP地址等
add lb vserver Vserver-zg-test HTTP 10.100.59.20 80 -lbMethod ROUNDROBIN -persistenceType COOKIEINSERT -persistenceBackup SOURCEIP -cltTimeout 10
参数说明：
1）lbMethod：负载均衡的算法，如轮询，最小连接
2）persistenceType：会话保持的方法，可以使用cookieinsert，源地址会话保持。
3）persistenceTypeBackup：如果第一种方法失败，使用第2中种。
4）cltTimeout：客户端超时时间。

4、service和vserver做个绑定
bind lb vserver Vserver-zg-test Server-HTTP-zg-test-1
bind lb vserver Vserver-zg-test Server-HTTP-zg-test-2

案例二：基本内容交换的负载均衡配置
1、添加一个内容交换的策略
add cs policy zg-cs-test-host-bbs.fr.sdo.com -rule "REQ.HTTP.HEADER Host == bbs.fr.sdo.com"

2、添加后端主机的别名
add server zg-test-4.38 10.105.4.38
add server zg-test-4.39 10.105.4.39

3、为后端服务器添加服务、端口及属性
add service Server-HTTP-zg-test-1 zg-test-4.38 HTTP 80 -gslb NONE -maxClient 1000 -maxReq 1000 -cip ENABLED REALIP -usip NO -useproxyport YES -sp OFF -cltTimeout 10 -svrTimeout 20 -CKA YES -TCPB NO -CMP YES
add service Server-HTTP-zg-test-2 zg-test-4.39 HTTP 80 -gslb NONE -maxClient 1000 -maxReq 1000 -cip ENABLED REALIP -usip NO -useproxyport YES -sp OFF -cltTimeout 10 -svrTimeout 20 -CKA YES -TCPB NO -CMP YES

4、添加2个Vserver，作为内部转发使用
add lb vserver Vserver-zg-test-9001 HTTP 10.100.59.20 9001 -lbMethod ROUNDROBIN -persistenceType COOKIEINSERT -persistenceBackup SOURCEIP -cltTimeout 10
add lb vserver Vserver-zg-test-9002 HTTP 10.100.59.20 9002 -lbMethod ROUNDROBIN -persistenceType COOKIEINSERT -persistenceBackup SOURCEIP -cltTimeout 10

5、绑定vserver与service
bind lb vserver Vserver-zg-test-9001 Server-HTTP-zg-test-1
bind lb vserver Vserver-zg-test-9002 Server-HTTP-zg-test-2

6、再添加一个内容交换的Vserver。
add cs vserver Vserver-zg-test HTTP 10.100.59.20 80 -cltTimeout 10

7、绑定交换内容Vserver通过策略分发到负载均衡的vserver
bind cs vserver Vserver-zg-test Vserver-zg-test-9001 -policyName cs-cs-test-host-bbs.fr.sdo.com -priority 100
bind cs vserver Vserver-zg-test Vserver-zg-test-9002